I . Amendments to the Claims 

Please amend the claims as follows with the following 
version of the claims in accordance with revised 37 CFR § 1.121. 
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1. (Amended) A method for management of a distributed data 

processing system, the method comprising: 

configuring geographic location information for resources 
within the distributed data processing system; 

identifying router systems within the distributed data 
processing system; 

determining a set of router systems that are closest to a 
geographic boundary such that each router system in the set of 
router systems is geographically located on or within a given 
geographic boundary ; and 

generating a geographic router boundary resource for the set 
of router systems such that the geographic router boundary 
resource defines a logical boundary within the distributed data 
processing system based on the geographic location information 
for each router system in the set of router systems . 



2. (Amended) The method of claim 9 -^further comprising: 

associating two or more geographic router boundary resources 
to create a secure boundary between two or more geographic 
20 regions. 



3. (Amended) The method of claim 9 ^—further comprising: 
configuring user security parameters for controlling access 

to the geographic router boundary resource. 

25 

4. (Amended) The method of claim 1 further comprising: 
configuring user security parameters for controlling access 

to the geographic router boundary resource; and 

authorizing user access to the geographic router boundary 
30 resource based on a user security parameter corresponding to the 
geographic location information. 
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5. (Amended) The method of claim 1 further comprising: 
configuring user security parameters for controlling access 

to the geographic router boundary resource; and 

authorizing user access to resources within a geographic 
region as indicated by the geographic router boundary resource 
based on a user security parameter corresponding to the 
geographic location information. 

6. (Amended) The method of claim 1 further comprising: 

configuring user security parameters for controlling access 
to the geographic router boundary resource; 

authorizing user access to the geographic router boundary 
resource based on a user security parameter corresponding to the 
geographic location information; and 

quarantining a set of devices within a geographic region as 
indicated by the geographic router boundary resource. 

7. (Amended) The method of claim 1 further comprising: 

configuring user security parameters for controlling access 

to the geographic router boundary resource; 

authorizing user access to the geographic router boundary 

resource based on a user security parameter corresponding to the 

geographic location information; 

guarantining a set of devices within a geographic region as 

indicated by the geographic router boundary resources- 
disinfecting the set of devices within the geographic region 

as indicated by the geographic router boundary resource; and 

unquarantining the - a— set of devices within the - a— geographic 

region . 
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8, (Amended) The method of claim 1 further comprising: 

configuring user security parameters for controlling access 
to the geographic router boundary resource; 

authorizing user access to the geographic router boundary 
resource based on a user security parameter corresponding to the 
geographic location information; and 

disinfecting the - a— set of devices within the - a— geographic 
region as indicated by the geographic router boundary resource. 

10 9. (Original) The method of claim 1 further comprising: 

dynamically discovering endpoints, systems, and networks 
within the distributed data processing system; 

correspondingly representing endpoints, systems, and 
networks within the distributed data processing system as a set 
15 of endpoint objects, system objects, and network objects; and 

logically organizing the endpoint objects, system objects, 
and network objects within a set of scopes, wherein each endpoint 
object, each system object, and each network object is uniquely 
assigned to a scope such that scopes do not logically overlap. 

20 
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10. (Amended) The method of claim 9 ^-further comprising: 

representing the distributed data processing system as a set 

of scopes, wherein a scope comprises a logical organization of 

network-related objects; 
5 associating each scope with a management customer, wherein 

each scope is uniquely assigned to a management customer, wherein 

each scope is uniquely associated with a set of configuration 

parameters for managing each scope; 

managing the distributed data processing system as a set of 
10 logical networks, wherein a logical network comprises a set of 

scopes, and wherein each logical network is uniquely assigned to 

a management customer; and 

allowing an administrative user to dynamically reconfigure 

logical networks within the distributed data processing system. 



Page 6 

French et al . - 09/930,424 



11. (Amended) An apparatus for management of a distributed 
data processing system, the apparatus comprising: 

means for configuring geographic location information for 
resources within the distributed data processing system; 

means for identifying router systems within the distributed 
data processing system; 

means for determining a set of router systems that are 
closest to a geographic boundary such that each router system in 
the set of router systems is geographically located on or within 
a given geographic boundary ; and 

means for generating a geographic router boundary resource 
for the set of router systems such that the geographic router 
boundary resource defines a logical boundary within the 
distributed data processing system based on the geographic 
location information for each router system in the set of router 
systems . 

12. (Amended) The apparatus of claim 19 - H— -further 
comprising : 

means for associating two or more geographic router boundary 
resources to create a secure boundary between two or more 
geographic regions . 

13. (Amended) The apparatus of claim 19 ^ H^further 
comprising: 

means for configuring user security parameters for 
controlling access to the geographic router boundary resource. 
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14. (Amended) The apparatus of claim 11 further comprising 

means for configuring user security parameters for 
controlling access to the geographic router boundary resource; 
and 

means for authorizing user access to the geographic router 
boundary resource based on a user security parameter 
corresponding to the geographic location information. 

15. (Amended) The apparatus of claim 11 further comprising 

means for configuring user security parameters for 
controlling access to the geographic router boundary resource; 
and 

means for authorizing user access to resources within a 
geographic region as indicated by the geographic router boundary 
resource based on a user security parameter corresponding to the 
geographic location information. 

16. (Amended) The apparatus' of claim 11 further comprising 

means for configuring user security parameters for 
controlling access to the geographic router boundary resource; 

means for authorizing user access to the geographic router 
boundary resource based on a user security parameter 
corresponding to the geographic location information; and 

means for quarantining a set of devices within a geographic 
region as indicated by the geographic router boundary resource. 
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17. (Amended) The apparatus of claim 11 - 1-6— further 
comprising : 

means for configuring user security parameters for 
controlling access to the geographic router boundary resource; 

means for authorizing user access to the geographic router 
boundary resource based on a user security parameter 
corresponding to the geographic location information; 

means for guarantining a set of devices within a geographic 
region as indicated by the geographic router boundary resource; 

means for disinfecting the set of devices within the 
geographic region as indicated by the geographic router boundary 
resource; and 

means for unquarantining the a — set of devices within the - a 
geographic region. 

18. (Amended) The apparatus of claim 11 further comprising 

means for configuring user security parameters for 
controlling access to the geographic router boundary resource; 

means for authorizing user access to the geographic router 
boundary resource based on a user security parameter 
corresponding to the geographic location information; and 

means for disinfecting the a — set of devices within the - a- 
geographic region as indicated by the geographic router boundary 
resource . 



Page 9 

French et al . - 09/930,424 



19. (Original) The apparatus of claim 11 further comprising: 
means for dynamically discovering endpoints, systems, and 

networks within the distributed data processing system; 

means for correspondingly representing endpoints, systems, 
5 and networks within the distributed data processing system as a 
set of endpoint objects, system objects, and network objects; and 

means for logically organizing the endpoint objects, system 
objects, and network objects within a set of scopes, wherein each 
endpoint object, each system object, and each network object is 
10 uniquely assigned to a scope such that scopes do not logically 
overlap. 

20. (Amended) The apparatus of claim 19 - H^further 
comprising : 

15 means for representing the distributed data processing 

system as a set of scopes, wherein a scope comprises a logical 
organization of network-related objects; 

means for associating each scope with a management customer, 
wherein each scope is uniquely assigned to a management customer, 
20 wherein each scope is uniquely associated with a set of 
configuration parameters for managing each scope; 

means for managing the distributed data processing system as 
a set of logical networks, wherein a logical network comprises a 
set of scopes, and wherein each logical network is uniquely 
25 assigned to a management customer; and 

means for allowing an administrative user to dynamically 
reconfigure logical networks within the distributed data 
processing system. 
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21. (Amended) A computer program product in a computer 

readable medium for use in managing a distributed data processing 
system, the computer program product comprising: 

instructions for configuring geographic location information 
for resources within the distributed data processing system; 

instructions for identifying router systems within the 
distributed data processing system; 

instructions for determining a set of router systems that 
are closest to a geographic boundary such that each router system 
in the set of router systems is geographical! v located on or 
within a given geographic boundary ; and 

instructions for generating a geographic router boundary 
resource for the set of router systems such that the geographic 
router boundary resource defines a logical boundary within the 
distributed data processing system based on the geographic 
location information for each router system in the set of router 
systems . 
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22. (Amended) The computer program product of claim 21 
further comprising : 

instructions for correspondingly representing dynamically 
discovered endpoints, dynamically discovered systems, and 
dynamically discovered networks within the distributed data 
processing system as a set of endpoint objects, system objects, 
and network objects; 

instructions for logically organizing the endpoint objects, 
system objects, and network objects within a set of scopes, 
wherein each endpoint object, each system object, and each 
network object is uniquely assigned to a scope such that scopes 
do not logically overlap; and 

instructions for associating two or more geographic router 
boundary resources to create a secure boundary between two or 
15 more geographic regions. 

23. (Amended) The computer program product of claim 21 
further comprising : 

instructions for correspondingly representing dynamically 
discovered endpoints, dynamically discovered systems, and 
dynamically discovered networks within the distributed data 
processing system as a set of endpoint objects, system objects, 
and network objects; 

instructions for logically organizing the endpoint objects, 
system objects, and network objects within a set of scopes, 
wherein each endpoint object, each system object, and each 
network object is uniguely assigned to a scope such that scopes 
do not logically overlap; and 

instructions for configuring user security parameters for 
30 controlling access to the geographic router boundary resource. 
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24. (Amended) The computer program product of claim 21 
further comprising : 

instructions for configuring user security parameters for 
controlling access to the geographic router boundary resource; 
and 

instructions for authorizing user access to the geographic 
router boundary resource based on a user security parameter 
corresponding to the geographic location information. 

25. (Amended) The computer program product of claim 21 
further comprising : 

instructions for configuring user security parameters for 
controlling access to the geographic router boundary resource; 
and 

instructions for authorizing user access to resources within 
a geographic region as indicated by the geographic router 
boundary resource based on a user security parameter 
corresponding to the geographic location information. 

26. (Amended) The computer program product of claim 21 
further comprising : 

instructions for configuring user security parameters for 
controlling access to the geographic router boundary resource; 

instructions for authorizing user access to the geographic 
router boundary resource based on a user security parameter 
corresponding to the geographic location information; and 

instructions for quarantining a set of devices within a 
geographic region as indicated by the geographic router boundary 
resource . 
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27. (Amended) The computer program product of claim 21 £ 6 
further comprising : 

instructions for configuring user security parameters for 
controlling access to the geographic router boundary resource; 

instructions for authorizing user access to the geographic 
router boundary resource based on a user security parameter 
corresponding to the geographic location information; 

instructions for guarantining a set of devices within a 
geographic region as indicated by the geographic router boundary 
resource ; 

instructions for disinfecting a set of devices within a 
geographic region as indicated by the geographic router boundary 
resource ; and 

instructions for unquarantining the - e^set of devices within 
the ^ -geographic region . 

28. (Amended) The computer program product of claim 21 
further comprising: 

instructions for configuring user security parameters for 
controlling access to the geographic router boundary resource; 

instructions for authorizing user access to the geographic 
router boundary resource based on a user security parameter 
corresponding to the geographic location information; 

instructions for guarantining a set of devices within a 
geographic region as indicated by the geographic router boundary 
resource; and 

instructions for disinfecting the a — set of devices within 
the ^ geographic region as indicated by the geographic router 
boundary resource. 
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